With data mining tools like Maltego and other correlation tools for large data sets, if we conduct any transactions online assume that these can all be collated to build a good picture of what we do, buy, read etc (hence Google etc).

If a normal person, with a large online history decides to go off-web, is there an effective way to do this?

Winess protection programs have a system for this. Change name, change national id numbers, change location, change vocation. All without linkages between the old and new.
–
schroederDec 18 '13 at 22:00

27

Of course. The data exists. Are you expecting to reach into the the databases of the world to delete the information? The only way to anonymize is to deassociate yourself from those data sets. An efficient way to do that is to 'invalidate the index' by dereferencing yourself from the index, i.e. change your identity.
–
schroederDec 18 '13 at 22:18

8

This is hard. You could write a book about it. In fact, several have been written... Though, to be clear, what do you mean by "off-web"? If you stop using the Internet and your cell phone entirely, then there's not much data left.
–
Michael HamptonDec 19 '13 at 0:46

26

At the point you have succeeded you will also be someone else.
–
stackunderflowDec 19 '13 at 10:33

20 Answers
20

The problem is heuristics. All mentioned tools are built on heuristics and the only way to avoid them is to change how you live completely. You can be fingerprinted by the modules installed in your browser. By the programs you use and the frequency you use them.

These days you're going further than just online behavior. Shops know what you buy in what amounts, because nobody buys all the same brands you are getting fingerprinted constantly. This is used for targeted advertising, but it can also theoretically be used to track you.

MIT's Reality Mining project proved the same using smartphones. You prefer certain apps, you use your phone at certain intervals, you move around certain places. This all contributes to a somewhat unique pattern (back when I did some research on it during my internship we were getting 91% certainty in simulations, even when people changed their SIM card every few days we were still able to track them based on the SSIDs they encountered, places they went, apps they installed and used, when they checked their phones, Bluetooth devices they connect to, cell towers they passed at a certain moment in time and what smileys they use in text messages).

Avoiding heuristics means changing everything you do completely. Stop using the same apps, accounts, go live somewhere else and do not buy the same food from the same brands. The problem here is that this might also pop up as a special pattern because it is so atypical.

Changing your identity is the first step. The second one is not being discovered. As Thomas said the internet doesn't forget. This means that photos of you will remain online, messages you posted, maybe even IDs you shared will remain on the net. So even when changing your behavior it only will need one picture which might expose you.

(Having no reputation on here, I put my idea in a comment:) What if you pool your identity and behavior with a lot of people to confuse the tracking? Making it seem as if it is all the same user with different devices and browsers. Of course one would lose the benefits of recommendations and so on but OP seems to be fine with that.
–
CilvicDec 19 '13 at 12:04

1

I wrote a fraud tracking system based on that. It works amazingly. A returning fraudster is statistically detected with great accuracy (even if they change their ip, country, phone, address, etc and "borrow" a new online identity), because they always leave unique "signatures". The system cannot add new "dimensions" by itself but it would be an interesting topic to explore.
–
TotoDec 19 '13 at 12:55

11

They're definitely allowed to build a database of what items you buy...what do you think "loyalty cards" are really for? The stores aren't just eager to save you money...they're collecting info about you.
–
cHaoDec 19 '13 at 13:24

2

Based on this answer, a good follow up question would be: Which action "feed" stronger into said heuristics, which less so? Brushing you teeth with left hand all of a sudden will have no effect, compltely changing your browser plugins may.
–
martDec 19 '13 at 16:05

You cannot enforce forgetfulness. The Web is like a big memory, and you cannot force it to forget everything about you(*). The only way, thus, is to change your identity so that everything the Web knows about you becomes stale. From a cryptographic point of view, this is the same case as with a secret value shared by members of a group: to evict a group member, you have to change the secret value.

(*) Except by applying sufficiently excessive force. A global thermonuclear war, with all the involved EMP, might do the trick, albeit with some side effects.

And after the war to end all wars, only the cockroaches and that embarrassing photo of you at the company Christmas party that Susan just had to go and put on your Facebook wall even after you specifically told her not to, I mean, come on; there's such a thing as common courtesy - were left to inherit the Earth...
–
Dan JDec 19 '13 at 18:37

1

Or like AACS where future messages cannot be decrypted by a blacklisted member.
–
LocutusDec 20 '13 at 14:51

I agree with one of the comments that one could write a book on this (I have an idea!) because this could get broad, but consider that these data mining tools (and I build them!) make some major assumptions. For instance, consider search history. One could easily build a program or a tool that would do "random" searches on topics where a person lacks interest. I've done this with Google where a program will search for dogs, dog food or dog treats and months later, I suddenly see these advertisements appearing everywhere.

if we conduct any transactions online these can all be collated to
build a good picture of what we do, buy, read etc

When it comes to finances, it's similar; I have to make an assumption that the data I receive are an accurate indicator of who you are. Suppose you make 1/3 or more of your purchases completely away from your interest, for instance, you're truly a Libertarian, but you decide to subscribe to a Socialist magazine. How accurate are my data then? Also, you may change in ten years, so how accurate will my data be then, unless I account for it (and how effective then is it to have all the historic data)?

Of course, we could all argue, who in the world would do that? If you've ever read Soros' The New Paradigm For Financial Markets he mentions his family went through WWII without the trouble many Jews had because, as I interpret it, his family was careful with the information they provided to others. Privacy, historically, is priceless, even if a few generations mistakenly think it's not.

Let the poisoned information stay for some time. Meanwhile, you could additionally change these details again. Poisoning the poisoned! Ensure that there is no visible pattern or link between any of the poisoned accounts.

Then you could delete all of them, again very slowly.

My idea behind this approach is what the other answers have already said, to poison the original data. I believe that all sites store your history but they won't log your 'previous' personal details like name, dob etc(I'm not sure about this, could someone confirm?)

Once you've poisoned your accounts, they should remain so for some time. Once again, how long I cannot know. Probably one or two months or more. And finally you delete those accounts, all of them.

You could also consider using some of these accounts, the less conspicuous, to spam others(most sites discard spammers as unimportant and non-human).

Ideally, when you plan on going off the web, you will have to plan in advance, start months before. It is not an easy process, and to be anonymous and remain anonymous is a very tough challenge.

This is actually a very smart solution. Most sites overwrite the old information with what's newly available. If you simply take it offline, it will be there forever, but this is a good idea.
–
asteriDec 20 '13 at 18:02

It's actually no big deal to add version history in databases, my assumption is that most big players save your old data aswell.
–
TheChampDec 24 '13 at 12:52

1

Google for people with an equal or similar name. Try to link to them, but only if they are not related to you. Another option: register at websites that you never registered to, to poison more. Don't do this from your home or work IP address.
–
SPRBRNMay 27 '14 at 10:40

I take it we should not "star" this question, and return to it at a later date if we are planning on account poisoning?
–
recursion.ninjaAug 11 '14 at 20:39

Entirely change your name, behaviour, appearance, your country, your friends etc so there is no correlation between data prior to the change and post-change. Like witness protection programmes, but with everything you do, not just your physical presence. Your buying habits have to change in department stores, you may need to develop a taste in different foods...

An alternative is to take Question3CPO's answer a bit further and deliberately poison the results of any data analysis by making random or deliberately wrong choices on a significant number of your daily activities. I have a feeling this could take some years to accomplish, and once you change identity, you still can't go back to your original behaviour as the original data store may still match you.

I disagree that such drastic changes are required. First of all, if you are truly going "off-web", from where exactly do we get the new data set to compare to the old one? Second, behavioral data is hardly enough to identify you. There's an enormous difference between composing targeted advertisements and pinpointing a single match among a billion users. Attempting facial recognition on that set would also result in a staggering number of false positives.
–
nmcleanDec 19 '13 at 18:16

3

I would start by changing my computer and internet provider. All mechanical tracable points like macAddress, IP, etc. Then, install some proxy like TorOnion, a virtual machine in witch i would have set a decent not known to public browser with all 3rd party cookies off, pixel.gif off, flashCookies off and THEN create a new profile of a NEW me with a new email address from my own server. After that i would restrick myself to anonymous search engines like duckduckgo. I commented your post to participate (rep < 10) to this good sense of human beeing question.
–
Milche PaternDec 22 '13 at 3:57

“Too much information equals little information.” → Segal's law: “A man with a [or one] watch knows what time it is. A man with two watches is never sure.”
–
ScottDec 20 '13 at 17:36

1

That's a nice way to answer and I believe some anonymous networks use this technique to hinder tracking. However, as long as money is involved (say for online shopping), your name and probably address will be there as well, and it's complicated to buy decoy stuff if you're not rich enough. Let's use Bitcoin. :)
–
TotorDec 22 '13 at 1:36

Anyone who considers going off-web and changing identity should also change country imo.

Basically, move to a country that is different enough from where you currently live so that you'll be effortlessly forced to change your friends, habits, etc., in a word the signature you leave behind.

You can always return home later if you really miss it. The key is to develop new tastes and habits before doing so.

Unless you shouldn't return home at all, as is the case if home is one of the more advanced countries -- one with the likes of the NSA, or where tracking is ubiquitous.

Naturally, it helps to reduce the signature you leave around to begin with, e.g. use cash, don't leave pictures online, etc., as well as add noise to the signal you leave behind (e.g. by having a bot do random searches for you.)

interesting idea... only trouble with changing country is that most countries you can legally (read:easily) change to are going to be obviously linkable to you (e.g., if you have two passports, perhaps you're in that second country, or as an eu citizen, perhaps you're in another eu country...) and quite possibly, you'll have left a trail at border control with your passport anyway. Illegal immigration without any trace? not so easy.
–
yochannahDec 24 '13 at 11:46

@yochannah: That's missing the point somewhat, though. In the EU, moving from France to Germany or vice versa exposes you to enough differences in the local habits and consumption patterns to change your own. Plus, strong border control with patrols is mostly a thing of developed countries: going from Belize to Guatemala without a trace is a matter of walking across the jungle. (And in the case of the Schengen Zone, it's a matter of taking a bus.) If anything, in fact, entering a country legally is harder because it involves paperwork. (And lawyer fees; hmm.)
–
Denis de BernardyDec 24 '13 at 11:55

I suppose you may be right; even if border control logs you as entering a country, if you can change your habits significantly enough because you're in that country, you'd still be hard to find. Aside, I find it interesting/amusing that you think entering legally harder than illegally. I'm a citizen of 3 countries and lived for 1.5yrs in a 4th (legally)... and while there is paperwork, money, and hard work, I wouldn't have the faintest idea how to immigrate illegally and still have a nice life with creature comforts like a regular paycheck...
–
yochannahDec 24 '13 at 12:07

@yochannah: I see where you come from, and wouldn't want to be living illegally anywhere myself... But let's just say I lived in a few more countries than that, and that I've met a whole bunch of out of the ordinary people while doing so.
–
Denis de BernardyDec 24 '13 at 12:19

The answer depends on how hard people are looking for you. For someone like Edward Snowden, this is quite literally impossible. With the world's best-funded and most heavily-equipped group of spies hell-bent on keeping track of you, you cannot disappear.

Other people can be lost and forgotten in their own home. If nobody is looking for you, you might as well already be dead: and in fact if you were, nobody would know.

If you have build a solid life and legacy online, then that's where your identity is: online. In such a case, your own personal bag of flesh is only attached to that identity at a few critical connection points. Photo-identification documents, perhaps; or the memories of others who know you. You could either disassociate your online identity with your physical one over time using a systematic stream of misinformation, or perhaps quietly relocate yourself to some place where records are not so systematically kept and processed. As long as you don't leave a persistent trail of breadcrumbs and nobody is watching you terribly closely, this should be reasonably simple. The proud tradition of starting a new life in a foreign land has been pursued by an uncountable host of characters over the centuries. It's as possible today as it ever has been, though the list of candidate destinations is smaller.

If you are willing to assume a new identity and break all ties with the past then yes, you could drop off the net, change your name, and move. Create a new bank account under the new name, get a job under the new name, etc. If you never have an email account after that or go on the web again your new identity really would be off-web.

As for whether you could go off-web without taking such drastic steps then the answer is no. Many web sites have an option to delete your account but almost none take the step of removing all your previous data. Remember how many sites are "free"? Well, you paid for it by allowing them to use your data how they like as long as they like.

Legislation is no help here. Even in the EU, where privacy laws are the most strict, the EU court back in June ruled that there is no right to be forgotten. In this case Google was judged not to be required to delete data even if it was requested, as it was an aggregator and not the controller of the data.

Your online identity is there to stay, partly because that's the price you pay for a free service.

I don't think it's really all that possible to remove yourself entirely. Go remove yourself from as many services you have accounts for, either by doing it yourself or asking the service provider to do it.

Stop posting anything by any of your online identities and hopefully people will stop reposting whatever you said, and eventually maybe the search engines will find stuff too old and they will stop indexing it. Unlikely though.

I'm sure that if you begged, pleaded, and sold your soul to them, Google might even consider listening to your request to have your identity removed from their indexes before they flag your name for further indexing. :)

Anything you ever wrote or published on the Internet is there forever. Trying to remove it is futile. Hordes of robots and search engines in dozens of countries that you have never heard of have already archived it and will never let it go, however nice you may ask. A few countries (e.g. France) offer Laws under which you can ask for removal of personal information, but there is a difference between asking and being granted, and such laws extend only to the country borders, not beyond.

Also, you cannot force people to forget. Mind control is illegal, and tricky.

Information can still be lost by being drowned into an ocean of other information. The Internet at large appears to be quite good at generating terabytes of meaningless junk, but search engines have improved too, and still manage to extract and index information within all that mess. One day, entropy will win, and grant you forgetfulness of your past actions.

In the meantime, Internet is like a ultimate responsibility machine. You have to be careful. One common way to evade having to live with your misbehaviours, that many people employ, is the use of pseudonyms -- and you already know that (unless "lop" is your real name, in which case you should sue your parents for cruelty).

It is not possible to eradicate your online presence but you can make it so much confusing that it become difficult for anyone to connect the dots. The grugq has a few guidelines that you need to follow:

Put the Plumbing in first

Create a cover (new persona)

Work on the legend (history, background, supporting evidence for the
persona)

Create sub-aliases

Never CONTAMINATE

You cannot delete what you post online but you can control what you put online.

Never reveal your operational details

Never reveal your plans

Never trust anyone

Never confuse recreation with hacking (or anything else you want to
hide)

Well you can be hidden but you can not be forgotten. You can first edit then remove all the images and info on all websites. Request to Google and every other provider to delete all the info about yourself. Make your email/phone number etc hidden and so on...

However, this would only hide you from other end-users, where end-user includes hackers etc... But it is known that neither Facebook nor Google and some other companies never delete anything. Thay may take it off the internet or securely hide it, but they would never ever delete anything from their own database, and you agreed to this.

So basically, you can hide your past but you can't delete it. Big companies will always have them, and since they are mostly U.S. based, the U.S. government will have it... And if a talented hacker can get in somehow, he will have it... And even if you change your name and etc (which is a lame idea in my opinion) this wouldn't stop them, would it?

So basically, you can hide your past from your creepy gf/bf but that's pretty much it.

It is not possible because most services do not permit removal at all and, even if some do, it is just a declaration most of them do not really delete but just hide that data.

This is too big topic but I'll give just a few hints that such attempts are senseless:

the laws of most countries require to store most data and accountspassed through servers for many years; it is the matter of security - just imagine the cybercrime opportunities if accounts were really deleted;

OLAP (Online Analytical Processing) databases are read-only and most approaches to data processing are that data are never deleted;

when someone replied you in a forum with quoting, this quote with your account username quoted is still there publicly available to all even if you removed/hidden your account;

"Yourself" is not just username(s), account(s), IPs, stored discussions, comments in isolation. It is most probably all of them (btw, interconnected and trackable) including the logo in ISPs servers about your connections to internet even during the time when you believe you are sleeping.

Internet is not based or functioning on self-suicidal modes and as far as you connect to it, "Yourself" is part of it and attempts of self-suicide "Yourself" is synonym of killing the internet.

PS
Might be I did not understand the question.

Also, it is most probable, that we are trying to dispute the things without agreeing on common definitions of used terms first , what is also senseless.

the other alternative is to fake your death, distance yourself from all your past cyber life. change software,food and communications tastes. have someone report your social accounts as no longer in use but the ultimate decision lies in change of identity and life pattern.

Pack your bags, leave the country, renounce your citizenship, and become a hermit living near the pole of inaccessibility in Africa for the next 10 years. After that, few would ever recognize you, perhaps not even your own family.

In May 2014, the European Court of Justice backed "a right to be forgotten" in a case against Google brought by a Spanish man who was offended by search results. The court said links to "irrelevant" and outdated data should be erased on request.

For an EU resident who wishes to remove all online traces about himself/herself, this ruling could be very important. Search engines and other players in the EU market will have to abide by these rules.

This is an important development, so I have upvoted, but in my opinion this ruling is not very useful. The data itself can still exist - but this places an onus on the search providers to validate data, or at least have some sort of 'revocation list'
–
Rory Alsop♦May 27 '14 at 13:27

In addition to all of the above and below answers, to truly anonymise yourself you need to get a name change. That way when people meet you and search for you online, any of the accounts that you used with your real name will no longer come up (as it was your old name). However name changes are public record, so in reality it's just more "security through obscurity."